Mandriva: Updated nss_ldap package fixes race condition

2 More Discussions You Might Find Interesting

1. Programming

problem about race condition

Hi all, i'm reading Andrew S.Tanenbaum's book --- Modern Operating System.At the part of discussing race condition.And the author gives a solution with using the TSL instruction,say that one process must call the enter_region function before entering the critical regions and call the leave_region...

2. Programming

Race condition with PTY

I've been experimenting with pseudo-terminals and found something I don't quite understand. Writing an EOF character to the master end doesn't work quite as I expect. Once I've written any other data, the master pty seems to treat a single ^D as a seperator, i.e. writing "abcabc" would let cat do...

LEARN ABOUT FREEBSD

kcm

KCM(8)							    BSD System Manager's Manual 						    KCM(8)

NAME

     kcm -- process-based credential cache for Kerberos tickets.

SYNOPSIS

     kcm [--cache-name=cachename] [-c file | --config-file=file] [-g group | --group=group] [--max-request=size] [--disallow-getting-krbtgt]
	 [--detach] [-h | --help] [-k principal | --system-principal=principal] [-l time | --lifetime=time] [-m mode | --mode=mode]
	 [-n | --no-name-constraints] [-r time | --renewable-life=time] [-s path | --socket-path=path] [--door-path=path] [-S principal |
	 --server=principal] [-t keytab | --keytab=keytab] [-u user | --user=user] [-v | --version]

DESCRIPTION

     kcm is a process based credential cache.  To use it, set the KRB5CCNAME enviroment variable to 'KCM:uid' or add the stanza

     [libdefaults]
	     default_cc_name = KCM:%{uid}

     to the /etc/krb5.conf configuration file and make sure kcm is started in the system startup files.

     The kcm daemon can hold the credentials for all users in the system.  Access control is done with Unix-like permissions.  The daemon checks
     the access on all operations based on the uid and gid of the user.  The tickets are renewed as long as is permitted by the KDC's policy.

     The kcm daemon can also keep a SYSTEM credential that server processes can use to access services.  One example of usage might be an nss_ldap
     module that quickly needs to get credentials and doesn't want to renew the ticket itself.

     Supported options:

     --cache-name=cachename
	     system cache name

     -c file, --config-file=file
	     location of config file

     -g group, --group=group
	     system cache group

     --max-request=size
	     max size for a kcm-request

     --disallow-getting-krbtgt
	     disallow extracting any krbtgt from the kcm daemon.

     --detach
	     detach from console

     -h, --help

     -k principal, --system-principal=principal
	     system principal name

     -l time, --lifetime=time
	     lifetime of system tickets

     -m mode, --mode=mode
	     octal mode of system cache

     -n, --no-name-constraints
	     disable credentials cache name constraints

     -r time, --renewable-life=time
	     renewable lifetime of system tickets

     -s path, --socket-path=path
	     path to kcm domain socket

     --door-path=path
	     path to kcm door socket

     -S principal, --server=principal
	     server to get system ticket for

     -t keytab, --keytab=keytab
	     system keytab name

     -u user, --user=user
	     system cache owner

     -v, --version

Heimdal 							   May 29, 2005 							   Heimdal

Security Advisories (RSS)